Re: [PATCH net v2] gso: validate gso_type if SKB_GSO_DODGY

On 2018年01月19日 08:19, Willem de Bruijn wrote: From: Willem de Bruijn Validate gso_type during segmentation as SKB_GSO_DODGY sources may pass packets where the gso_type does not match the contents. Syzkaller was able to enter the SCTP gso handler with a packet of gso_type

[PATCH net-next 00/11] Aquantia atlantic driver new devices support

This patchset introduces a support for new Aquantia hardware: AQC11x family with updated hardware (B1) and firmware (2.x and 3.x branches). For that, a number of improvements in overall driver model were done: - Firmware specific ops tables. Firmware 2.x and 3.x series support functions are

[PATCH net-next 04/11] net: aquantia: Cleanup pci functions module

Driver contained a dead code of maintaining multiple pci port instances. That will never be used since for each pci function a separate NIC instance is created. Simplify this, making pci module only responsible for pci resource management. NIC initialization is also simplified accordingly.

[PATCH net-next 05/11] net: aquantia: Remove create/destroy from hw ops

These ops are not related to HW and are now implemented in pci module. Thus, remove these ops pointers and implementation. Signed-off-by: Igor Russkikh --- drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 5 -

[PATCH net-next 03/11] net: aquantia: Convert hw and caps structures to const static pointers

This removes unnecessary structure copying, and prepares the driver for separate firmware ops table introduction. We also remove extra copy of capabilities structure (which is const actually) and also replace it with a const pointer in aq_nic_cfg. Signed-off-by: Igor Russkikh

[PATCH net-next 02/11] net: aquantia: Introduce new AQC devices and capabilities

A number of new AQC devices is going to be released. To support more flexible capabilities management a number of static caps instances is now declared. Devices now are mainly differs by supported speeds, but in future more parameters will be customized. A set of AQC100 devices have fibre media,

[PATCH net-next 01/11] net: aquantia: Introduce new device ids and constants

New set of aquantia devices has an upgraded hardware (B1). The hardware interface is identical to B0. The difference will be in firmware which is incompatible with old one. Reorganized and removed duplicate speed and devid definitions Introduced explicit flow control configuration defines

[PATCH net-next 06/11] net: aquantia: Change confusing no_ff_addr to more meaningful name

The address to check if HW is not dead/hang could be stored in capabilities, since it is a constant. Change its name to better reflect the idea. Signed-off-by: Igor Russkikh --- drivers/net/ethernet/aquantia/atlantic/aq_hw.h| 2 +-

[PATCH net-next 09/11] net: aquantia: Introduce global AQC hardware reset sequence

The detailed reset sequence ensures all HW components are in aligned state before NIC startup. It also supports cards with signed firmware (RBL) and checks if their FW is valid. Signed-off-by: Igor Russkikh --- drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 1

[PATCH net-next 08/11] net: aquantia: Introduce support for new firmware on AQC cards

This defines fw2x operations table and corresponding methods. Some of the functions are being shared with 1.x firmware Signed-off-by: Igor Russkikh --- drivers/net/ethernet/aquantia/atlantic/Makefile| 1 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h |

[PATCH net-next 10/11] net: aquantia: Report correct mediatype via ethtool

For devices with known capabilities of Fibre media type we now report that to ethtool. Signed-off-by: Igor Russkikh --- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git

[PATCH net-next 11/11] net: aquantia: bump driver version to match aquantia internal numbering

Signed-off-by: Igor Russkikh --- drivers/net/ethernet/aquantia/atlantic/ver.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/aquantia/atlantic/ver.h b/drivers/net/ethernet/aquantia/atlantic/ver.h index 9009f26..5265b93

[PATCH net-next 07/11] net: aquantia: Introduce firmware ops callbacks

New AQC cards will have an updated firmware with new binary interface. This patch extracts firmware specific operations into a separate table and prepares for the introduction of new fw 2.x and 3.x Signed-off-by: Igor Russkikh ---

Re: [Intel-wired-lan] [RFC PATCH] e1000e: Remove Other from EIAC.

On 2018/01/19 17:59, Benjamin Poirier wrote: > On 2018/01/18 07:51, Alexander Duyck wrote: > > On Wed, Jan 17, 2018 at 10:50 PM, Benjamin Poirier > > wrote: > > > It was reported that emulated e1000e devices in vmware esxi 6.5 Build > > > 7526125 do not link up after commit

Re: [PATCH 0/3] Check gso_size of packets when forwarding

Pravin Shelar writes: > On Thu, Jan 18, 2018 at 5:28 PM, Daniel Axtens wrote: >> Pravin Shelar writes: >> >>> On Thu, Jan 18, 2018 at 5:08 AM, Daniel Axtens wrote: Pravin Shelar writes: > On

Re: [PATCH] netfilter: return booleans instead of integers

On Thu, Jan 18, 2018 at 05:25:12PM -0600, Gustavo A. R. Silva wrote: > Return statements in functions returning bool should use > true/false instead of 1/0. > > These issues were detected with the help of Coccinelle. Applied, thanks.

Re: DPAA Ethernet traffice troubles with Linux kernel

> > commit 4d8ee1935bcd666360311dfdadeee235d682d69a > > Author: Florian Fainelli > > Date: Tue Aug 22 15:24:47 2017 -0700 > > fsl/man: Inherit parent device and of_node > > > > and was later addressed by this patch set: > > > >

Re: [PATCH] netfilter: nf_tables: Fix trailing semicolon

On Tue, Jan 16, 2018 at 02:51:01PM +, Luis de Bethencourt wrote: > The trailing semicolon is an empty statement that does no operation. > Removing it since it doesn't do anything. Applied.

Re: [PATCH bpf-next] bpftool: recognize BPF_PROG_TYPE_CGROUP_DEVICE programs

On Mon, Jan 15, 2018 at 07:32:01PM +, Quentin Monnet wrote: > 2018-01-15 19:16 UTC+ ~ Roman Gushchin > > Bpftool doesn't recognize BPF_PROG_TYPE_CGROUP_DEVICE programs, > > so the prog show command prints the numeric type value: > > > > $ bpftool prog show > > 1: type 15

Re: [PATCH v6 31/36] dt-bindings: nds32 CPU Bindings

2018-01-18 19:02 GMT+08:00 Arnd Bergmann : > On Mon, Jan 15, 2018 at 6:53 AM, Greentime Hu wrote: >> From: Greentime Hu >> >> This patch adds nds32 CPU binding documents. >> >> Signed-off-by: Vincent Chen >>

***BULK*** MICROSOFT WARNING MESSAGE ALERT

MICROSOFT WARNING MESSAGE ALERT Lots of your messages are currently suspended because your E-mail box account needs to be verify now. Do verify now inother to receive your pending messages without no delay. ©2018 Microsoft Outlook Inc.

Darlehensangebot

Schönen Tag, Sie benötigen einen echten Kredit online Ihre Rechnungen zu sichern? Startet ein neues Unternehmen? Sie benötigen einen persönlichen Kredit oder Business-Darlehen? Wir bieten ein Darlehen von € 10.000 bis € 500,000.000.00 mit 2% Zinsen pro Jahr und auch mit einem erschwinglichen

Re: [PATCH net] net: qdisc_pkt_len_init() should be more robust

On 2018年01月19日 11:59, Eric Dumazet wrote: From: Eric Dumazet Without proper validation of DODGY packets, we might very well feed qdisc_pkt_len_init() with invalid GSO packets. tcp_hdrlen() might access out-of-bound data, so let's use skb_header_pointer() and proper

Re: KASAN: use-after-free Read in fib6_ifup (2)

On Thu, Jan 18, 2018 at 09:58:01PM -0800, syzbot wrote: > Hello, > > syzbot hit the following crash on net-next commit > 564737f981fb4b4b3266901508bb9b90d9d43de8 > > So far this crash happened 18 times on mmots, net-next. > C reproducer is attached. > syzkaller reproducer is attached. > Raw

Re: DPAA Ethernet traffice troubles with Linux kernel

On Thu, 1970-01-01 at 00:00 +, Andrew Lunn wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > > > commit 4d8ee1935bcd666360311dfdadeee235d682d69a > > >

[PATCH net-next v2 0/2] net/sched: remove spinlock from 'csum' action

Similarly to what has been done earlier with other actions [1][2], this series tries to improve the performance of 'csum' tc action, removing a spinlock in the data path. Patch 1 lets act_csum use per-CPU counters; patch 2 removes spin_{,un}lock_bh() calls from the act() method. test procedure

[PATCH net-next v2 2/2] net/sched: act_csum: don't use spinlock in the fast path

use RCU instead of spin_{,unlock}_bh() to protect concurrent read/write on act_csum configuration, to reduce the effects of contention in the data path when multiple readers are present. Signed-off-by: Davide Caratti --- include/net/tc_act/tc_csum.h | 16 ++--

[PATCH net-next v2 1/2] net/sched: act_csum: use per-core statistics

use per-CPU counters, like other TC actions do, instead of maintaining one set of stats across all cores. This allows updating act_csum stats without the need of protecting them using spin_{,un}lock_bh() invocations. Signed-off-by: Davide Caratti --- net/sched/act_csum.c |

Re: [PATCH net v2] gso: validate gso_type if SKB_GSO_DODGY

On Fri, Jan 19, 2018 at 9:25 AM, Willem de Bruijn wrote: > On Fri, Jan 19, 2018 at 7:36 AM, Jason Wang wrote: >> >> >> On 2018年01月19日 08:19, Willem de Bruijn wrote: >>> >>> From: Willem de Bruijn >>> >>> Validate gso_type

Re: [PATCH v6 24/36] nds32: Loadable modules

2018-01-18 18:41 GMT+08:00 Arnd Bergmann : > On Mon, Jan 15, 2018 at 6:53 AM, Greentime Hu wrote: >> From: Greentime Hu >> >> This patch adds support for loadable modules. > > One detail: > > You still seem to have both the ELF_REL and

Re: [PATCH v6 03/36] sparc: io: To use the define of ioremap_[nocache|wc|wb] in asm-generic/io.h

2018-01-18 17:56 GMT+08:00 Arnd Bergmann : > On Mon, Jan 15, 2018 at 6:53 AM, Greentime Hu wrote: >> From: Greentime Hu >> >> It will be built failed if commit id: d25ea659 is selected. This patch >> can fix this build error. >> >>

[PATCH target-pending] iscsi-target: make sure to wake up sleeping login worker

Mike Christie reports: Starting in 4.14 iscsi logins will fail around 50% of the time. Problem appears to be that iscsi_target_sk_data_ready() callback may return without doing anything in case it finds the login work queue is still blocked in sock_recvmsg(). Nicholas Bellinger says: It

[PATCH net v3] gso: validate gso_type in GSO handlers

From: Willem de Bruijn Validate gso_type during segmentation as SKB_GSO_DODGY sources may pass packets where the gso_type does not match the contents. Syzkaller was able to enter the SCTP gso handler with a packet of gso_type SKB_GSO_TCPV4. On entry of transport layer gso

Re: [PATCH net v2] gso: validate gso_type if SKB_GSO_DODGY

On Fri, Jan 19, 2018 at 7:36 AM, Jason Wang wrote: > > > On 2018年01月19日 08:19, Willem de Bruijn wrote: >> >> From: Willem de Bruijn >> >> Validate gso_type during segmentation as SKB_GSO_DODGY sources >> may pass packets where the gso_type does not match

Re: net: r8169: a question of memory barrier in the r8169 driver

On Fri, Jan 19, 2018 at 02:11:18AM +0100, Francois Romieu wrote: > Peter Zijlstra : > [...] > > There is only 1 variable afaict. Memory barriers need at least 2 in > > order to be able to do _anything_. > > I don't get your point: why don't {cur_tx, dirty_tx} qualify as

Re: [PATCH bpf-next] bpftool: recognize BPF_PROG_TYPE_CGROUP_DEVICE programs

2018-01-19 14:17 UTC+ ~ Roman Gushchin > On Mon, Jan 15, 2018 at 07:32:01PM +, Quentin Monnet wrote: [...] >> Looks good, thanks Roman! >> Would you mind updating the map names as well? It seems the >> BPF_MAP_TYPE_CPUMAP is missing from the list in map.c. > > Hello,

Re: [PATCH v6 31/36] dt-bindings: nds32 CPU Bindings

2018-01-19 22:52 GMT+08:00 Arnd Bergmann : > On Fri, Jan 19, 2018 at 3:32 PM, Greentime Hu wrote: >> 2018-01-18 19:02 GMT+08:00 Arnd Bergmann : >>> On Mon, Jan 15, 2018 at 6:53 AM, Greentime Hu wrote: From: Greentime Hu

Re: [PATCH v6 31/36] dt-bindings: nds32 CPU Bindings

Hi Greentime, On Fri, Jan 19, 2018 at 4:35 PM, Greentime Hu wrote: > 2018-01-19 23:29 GMT+08:00 Geert Uytterhoeven : >> On Fri, Jan 19, 2018 at 4:18 PM, Greentime Hu wrote: >>> 2018-01-19 22:52 GMT+08:00 Arnd Bergmann

Re: [PATCH target-pending] iscsi-target: make sure to wake up sleeping login worker

On Fri, 2018-01-19 at 14:36 +0100, Florian Westphal wrote: > Mike Christie reports: > Starting in 4.14 iscsi logins will fail around 50% of the time. > > Problem appears to be that iscsi_target_sk_data_ready() callback may > return without doing anything in case it finds the login work queue >

Re: [PATCH v6 06/36] nds32: Kernel booting and initialization

On Fri, Jan 19, 2018 at 5:34 PM, Greentime Hu wrote: > Hi, Arnd: > > 2018-01-18 18:11 GMT+08:00 Arnd Bergmann : >> On Mon, Jan 15, 2018 at 6:53 AM, Greentime Hu wrote: >> >> I had not looked at this patch in enough detail earlier, sorry

Re: [PATCH] net/mlx4_en: ensure rx_desc updating reaches HW before prod db updating

Hi Tariq Very sad that the crash was reproduced again after applied the patch. --- a/drivers/net/ethernet/mellanox/mlx4/en_rx.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_rx.c @@ -252,6 +252,7 @@ static inline bool mlx4_en_is_ring_empty(struct mlx4_en_rx_ring *ring) static inline void

Re: pull-request: wireless-drivers-next 2018-01-19

From: Kalle Valo Date: Fri, 19 Jan 2018 10:59:33 +0200 > a pull request to net-next tree for 4.16. This should be the last pull > request in this cycle, unless Linus releases -rc9 of course. Only few > patches so should be an easy one. Please let me know if there are any >

Re: [PATCH] net/mlx4_en: ensure rx_desc updating reaches HW before prod db updating

On Fri, 2018-01-19 at 23:16 +0800, jianchao.wang wrote: > Hi Tariq > > Very sad that the crash was reproduced again after applied the patch. > > --- a/drivers/net/ethernet/mellanox/mlx4/en_rx.c > +++ b/drivers/net/ethernet/mellanox/mlx4/en_rx.c > @@ -252,6 +252,7 @@ static inline bool

[PATCH net-next] net: Move net:netns_ids destruction out of rtnl_lock() and document locking scheme

Currently, we unhash a dying net from netns_ids lists under rtnl_lock(). It's a leftover from the time when net::netns_ids was introduced. There was no net::nsid_lock, and rtnl_lock() was mostly need to order modification of alive nets nsid idr, i.e. for: for_each_net(tmp) {

Re: [PATCH net] net: validate untrusted gso packets

On Fri, Jan 19, 2018 at 3:19 AM, Jason Wang wrote: > > > On 2018年01月19日 08:53, Willem de Bruijn wrote: > > And what you propose here is just a very small subset of the > necessary checking, more comes at gso header checking. So even if we > care >

[PATCH net-next] net: hns3: converting spaces into tabs to avoid checkpatch.pl warning

Spaces were mistakenly used instead of tabs in some of the code related to reset functionality, which caused checkpatch.pl errors. These were missed earlier so fixing them now. Signed-off-by: Salil Mehta --- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 ++-- 1

Re: [PATCH v6 31/36] dt-bindings: nds32 CPU Bindings

Hi Greentime, On Fri, Jan 19, 2018 at 4:18 PM, Greentime Hu wrote: > 2018-01-19 22:52 GMT+08:00 Arnd Bergmann : >> On Fri, Jan 19, 2018 at 3:32 PM, Greentime Hu wrote: >>> 2018-01-18 19:02 GMT+08:00 Arnd Bergmann : On

Re: [PATCH v6 31/36] dt-bindings: nds32 CPU Bindings

On Fri, Jan 19, 2018 at 3:32 PM, Greentime Hu wrote: > 2018-01-18 19:02 GMT+08:00 Arnd Bergmann : >> On Mon, Jan 15, 2018 at 6:53 AM, Greentime Hu wrote: >>> From: Greentime Hu >>> >>> This patch adds nds32 CPU

Re: pull-request: can-next 2018-01-16,pull-request: can-next 2018-01-16

From: Marc Kleine-Budde Date: Fri, 19 Jan 2018 10:48:11 +0100 > this is a pull request for net-next/master consisting of 1 patch. > > This patch by Arnd Bergmann for the m_can driver silences a compiler > warning if CONFIG_PM is not selected. Pulled, thanks Marc.

Re: [Intel-wired-lan] [RFC PATCH] e1000e: Remove Other from EIAC.

On Fri, Jan 19, 2018 at 5:36 AM, Benjamin Poirier wrote: > On 2018/01/19 17:59, Benjamin Poirier wrote: >> On 2018/01/18 07:51, Alexander Duyck wrote: >> > On Wed, Jan 17, 2018 at 10:50 PM, Benjamin Poirier >> > wrote: >> > > It was reported that

[PATCH iproute2 2/4] iptnl/ip6tnl: Unify ttl/hoplimit parsing routines

Handle "inherit" case properly for gre6 and ip6tnl. Use get_u8() in gre to parse ttl/hoplimit. Be consistent about "hlim" alias to ttl/hoplimit support. Signed-off-by: Serhey Popovych --- ip/link_gre.c| 10 +++--- ip/link_gre6.c | 13 +++--

[PATCH iproute2 4/4] iplink: Use ll_name_to_index() instead of if_nametoindex()

While benefit from using ll_name_to_index() with populated cache can potentially be exploited only in few places (e.g. bridge fdb/mdb/vlan show routines) there is another advantage of ll_name_to_index() over plain if_nametoindex(): in case of if_nametoindex() failure ll_name_to_index() will

[PATCH iproute2 0/4] ip/tunnel: Minor cleanups and improvements

It is small series of fixes and code cleanups: 1) Add space after encap-[ds]port parameter value in tunnel encapsulation options output. 2) Unify ttl/hoplimit parsing routines by using get_u8(), handling "inherit" and "hlim" as alias to "hoplimit" and "ttl" parameter name.

[PATCH iproute2 3/4] vti/vti6: Minor improvements

In prepare of link_vti.c and link_vti6.c merge: 1) Make @fwmark of __u32 type instead of unsigned int in vti to match with rest tunneling code. 2) Report when unable to translate @link network device name to index instead of silently exiting in vti6. 3) Remove newline separating

[PATCH iproute2 1/4] tunnel: Add space between encap-dport and encap-sport in non-JSON output

Fixes: bad76e6b1f44 ("ip/tunnel: Abstract tunnel encapsulation options printing") Fixes: e2d4588331fc ("ip: link_gre.c: add json output support") Signed-off-by: Serhey Popovych --- ip/tunnel.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git

Re: [PATCH v6 31/36] dt-bindings: nds32 CPU Bindings

2018-01-19 23:29 GMT+08:00 Geert Uytterhoeven : > Hi Greentime, > > On Fri, Jan 19, 2018 at 4:18 PM, Greentime Hu wrote: >> 2018-01-19 22:52 GMT+08:00 Arnd Bergmann : >>> On Fri, Jan 19, 2018 at 3:32 PM, Greentime Hu

[bpf-next PATCH] samples/bpf: xdp_monitor include cpumap tracepoints in monitoring

The xdp_redirect_cpu sample have some "builtin" monitoring of the tracepoints for xdp_cpumap_*, but it is practical to have an external tool that can monitor these transpoint as an easy way to troubleshoot an application using XDP + cpumap. Specifically I need such external tool when working on

Re: [PATCH v6 06/36] nds32: Kernel booting and initialization

Hi, Arnd: 2018-01-18 18:11 GMT+08:00 Arnd Bergmann : > On Mon, Jan 15, 2018 at 6:53 AM, Greentime Hu wrote: > > I had not looked at this patch in enough detail earlier, sorry about > that. It should be > easy enough to fix though. > >> +#ifdef

Re: [PATCH] caif: reduce stack size with KASAN

From: Arnd Bergmann Date: Tue, 16 Jan 2018 17:34:00 +0100 > When CONFIG_KASAN is set, we can use relatively large amounts of kernel > stack space: > > net/caif/cfctrl.c:555:1: warning: the frame size of 1600 bytes is larger than > 1280 bytes [-Wframe-larger-than=] > > This adds

[PATCH 07/32] netfilter: nf_tables: get rid of struct nft_af_info abstraction

Remove the infrastructure to register/unregister nft_af_info structure, this structure stores no useful information anymore. Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_tables.h | 23 +-- net/bridge/netfilter/nf_tables_bridge.c | 25 +--

[PATCH 13/32] netfilter: add IPv6 segment routing header 'srh' match

From: Ahmed Abdelsalam It allows matching packets based on Segment Routing Header (SRH) information. The implementation considers revision 7 of the SRH draft. https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07 Currently supported match options include:

[PATCH 10/32] netfilter: core: make local function __nf_unregister_net_hook static

From: Wei Yongjun Fixes the following sparse warning: net/netfilter/core.c:380:6: warning: symbol '__nf_unregister_net_hook' was not declared. Should it be static? Signed-off-by: Wei Yongjun Signed-off-by: Pablo Neira Ayuso

[PATCH 11/32] netfilter: remove duplicated include

From: Wei Yongjun Signed-off-by: Wei Yongjun Signed-off-by: Pablo Neira Ayuso --- net/ipv6/netfilter/nf_flow_table_ipv6.c | 1 - net/netfilter/nf_queue.c| 2 -- 2 files changed, 3 deletions(-) diff --git

[PATCH 12/32] netfilter: core: return EBUSY in case NAT hook is already in use

EEXIST is used for an object that already exists, with the same name/handle. However, there no same object there, instead there is a object that is using the single slot that is available for NAT hooks since patch f92b40a8b264 ("netfilter: core: only allow one nat hook per hook point"). Let's

[PATCH 29/32] netfilter: nf_tables: Fix trailing semicolon

From: Luis de Bethencourt The trailing semicolon is an empty statement that does no operation. Removing it since it doesn't do anything. Signed-off-by: Luis de Bethencourt Signed-off-by: Pablo Neira Ayuso ---

[PATCH 30/32] netfilter: delete /proc THIS_MODULE references

From: Alexey Dobriyan /proc has been ignoring struct file_operations::owner field for 10 years. Specifically, it started with commit 786d7e1612f0b0adb6046f19b906609e4fe8b1ba ("Fix rmmod/read/write races in /proc entries"). Notice the chunk where inode->i_fop is initialized

Re: [PATCH net-next] tcp: avoid negotitating ECN for BBR

From: Yuchung Cheng Date: Tue, 16 Jan 2018 17:57:26 -0800 > This patch keeps BBR from negotiating ECN if sysctl ECN is > set. Prior to this patch, BBR negotiates ECN if enabled, sends > CWR upon receiving ECE ACKs but does not react to them. This can > cause confusion from the

[PATCH 09/32] netfilter: nf_tables: fix a typo in nf_tables_getflowtable()

From: Wei Yongjun Fix a typo, we should check 'flowtable' instead of 'table'. Fixes: 3b49e2e94e6e ("netfilter: nf_tables: add flow table netlink frontend") Signed-off-by: Wei Yongjun Signed-off-by: Pablo Neira Ayuso ---

[PATCH 05/32] netfilter: nf_tables: add single table list for all families

Place all existing user defined tables in struct net *, instead of having one list per family. This saves us from one level of indentation in netlink dump functions. Place pointer to struct nft_af_info in struct nft_table temporarily, as we still need this to put back reference module reference

[PATCH 02/32] netfilter: nf_tables: remove flag field from struct nft_af_info

Replace it by a direct check for the netdev protocol family. Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_tables.h | 6 -- net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nf_tables_netdev.c | 1 - 3 files changed, 1 insertion(+), 8 deletions(-)

[PATCH 04/32] netfilter: nf_tables: remove struct nft_af_info parameter in nf_tables_chain_type_lookup()

Pass family number instead, this comes in preparation for the removal of struct nft_af_info. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 16 +++- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/net/netfilter/nf_tables_api.c

[PATCH 03/32] netfilter: nf_tables: no need for struct nft_af_info to enable/disable table

nf_tables_table_enable() and nf_tables_table_disable() take a pointer to struct nft_af_info that is never used, remove it. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 21 ++--- 1 file changed, 6 insertions(+), 15 deletions(-) diff

[PATCH 00/32] Netfilter/IPVS updates for net-next

Hi David, The following patchset contains Netfilter/IPVS updates for your net-next tree. Basically, a new extension for ip6tables, simplification work of nf_tables that saves us 500 LoC, allow raw table registration before defragmentation, conversion of the SNMP helper to use the ASN.1 code

[PATCH 08/32] netfilter: x_tables: unbreak module auto loading

From: Florian Westphal a typo causes module auto load support to never be compiled in. Fixes: 03d13b6868a2 ("netfilter: xtables: add and use xt_request_find_table_lock") Reported-by: Pablo Neira Ayuso Signed-off-by: Florian Westphal

[PATCH 06/32] netfilter: nf_tables: get rid of pernet families

Now that we have a single table list for each netns, we can get rid of one pointer per family and the global afinfo list, thus, shrinking struct netns for nftables that now becomes 64 bytes smaller. And call __nft_release_afinfo() from __net_exit path accordingly to release netnamespace objects

Re: [PATCH net v2 3/3] ibmvnic: Allocate and request vpd in init_resources

On 01/18/2018 04:27 PM, John Allen wrote: > In reset events in which our memory allocations need to be reallocated, > VPD data is being freed, but never reallocated. This can cause issues if > we later attempt to access that memory or reset and attempt to free the > memory. This patch moves the

[PATCH net] be2net: restore properly promisc mode after queues reconfiguration

The commit 622190669403 ("be2net: Request RSS capability of Rx interface depending on number of Rx rings") modified be_update_queues() so the IFACE (HW representation of the netdevice) is destroyed and then re-created. This causes a regression because potential promiscuous mode is not restored

Re: [PATCHv2 net-next 1/1] forcedeth: remove unused variable

From: Zhu Yanjun Date: Tue, 16 Jan 2018 21:59:41 -0500 > The variable miistat is not used. So it is removed. > > CC: Srinivas Eeda > CC: Joe Jin > CC: Junxiao Bi > Signed-off-by: Zhu Yanjun

[PATCH 26/32] netfilter: nf_nat_snmp_basic: use asn1 decoder library

From: Taehee Yoo The basic SNMP ALG parse snmp ASN.1 payload however, since 2012 linux kernel provide ASN.1 decoder library. If we use ASN.1 decoder in the /lib/asn1_decoder.c, we can remove about 1000 line of ASN.1 parsing routine. To use asn1_decoder.c, we should write mib

[PATCH 27/32] netfilter: nf_tables: allocate handle and delete objects via handle

From: Harsha Sharma This patch allows deletion of objects via unique handle which can be listed via '-a' option. Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_tables.h

[PATCH 16/32] netfilter: nf_defrag: Skip defrag if NOTRACK is set

From: Subash Abhinov Kasiviswanathan conntrack defrag is needed only if some module like CONNTRACK or NAT explicitly requests it. For plain forwarding scenarios, defrag is not needed and can be skipped if NOTRACK is set in a rule. Since conntrack defrag is currently

[PATCH 31/32] netfilter: nf_tables: set flowtable priority and hooknum field

Otherwise netlink dump sends uninitialized fields to userspace. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index

[PATCH 15/32] netfilter: clusterip: make sure arp hooks are available

From: Florian Westphal The clusterip target needs to register an arp mangling hook, so make sure NF_ARP hooks are available. Fixes: 2a95183a5e ("netfilter: don't allocate space for arp/bridge hooks unless needed") Reported-by: kernel test robot

[PATCH 32/32] netfilter: remove messages print and boot/module load time

Several reasons for this: * Several modules maintain internal version numbers, that they print at boot/module load time, that are not exposed to userspace, as a primitive mechanism to make revision number control from the earlier days of Netfilter. * IPset shows the protocol version at

[PATCH 28/32] netfilter: return booleans instead of integers

From: "Gustavo A. R. Silva" Return statements in functions returning bool should use true/false instead of 1/0. These issues were detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Pablo Neira Ayuso

[PATCH 14/32] netfilter: improve flow table Kconfig dependencies

From: Arnd Bergmann The newly added NF_FLOW_TABLE options cause some build failures in randconfig kernels: - when CONFIG_NF_CONNTRACK is disabled, or is a loadable module but NF_FLOW_TABLE is built-in: In file included from net/netfilter/nf_flow_table.c:8:0:

[PATCH 23/32] netfilter: nf_nat_snmp_basic: remove debug parameter

From: Taehee Yoo To see debug message of nf_nat_snmp_basic, we should set debug value when we insert this module. but it is inconvenient and only using of the dynamic debugging is enough to debug. This patch just removes debug code. then in the next patch, debugging code

[PATCH 17/32] netfilter: nf_tables: flow_offload depends on flow_table

From: Arnd Bergmann Without CONFIG_NF_FLOW_TABLE, the new nft_flow_offload module produces a link error: net/netfilter/nft_flow_offload.o: In function `nft_flow_offload_iterate_cleanup': nft_flow_offload.c:(.text+0xb0): undefined reference to `nf_flow_table_iterate'

Re: kernel BUG at net/core/skbuff.c:LINE! (2)

On Tue, Jan 16, 2018 at 04:21:40PM +0800, Xin Long wrote: > ipv4 tunnels don't really set dev->hard_header_len properly, > we may should fix it in pppoe by using needed_headroom, > as what it doesn't in arp_create. > I'm a bit in doubt about which device needs to be fixed. Should ip_gre set

Fw: [Bug 198521] New: VRF: VRF device does not egress all broadcast(255.255.255.255) destined packet

Begin forwarded message: Date: Fri, 19 Jan 2018 12:59:23 + From: bugzilla-dae...@bugzilla.kernel.org To: step...@networkplumber.org Subject: [Bug 198521] New: VRF: VRF device does not egress all broadcast(255.255.255.255) destined packet https://bugzilla.kernel.org/show_bug.cgi?id=198521

Re: [net-next: PATCH 0/8] Armada 7k/8k PP2 ACPI support

Hi Mika, 2018-01-18 14:00 GMT+01:00 Andrew Lunn : >> I CC'ed Mika since he is more familiar with handling these bits of ACPI >> specs - I wonder whether this is a problem that cropped up on x86 >> systems too. > > Hi Lorenzo > > There is nothing about MDIO, PHYs, Ethernet

[PATCH 18/32] netfilter: x_tables: don't return garbage pointer on modprobe failure

From: Florian Westphal request_module may return a positive error result from modprobe, if we cast this to ERR_PTR this returns a garbage result (it passes IS_ERR checks). Fix it by ignoring modprobe return values entirely, just retry the table lookup instead. Reported-by:

[PATCH 24/32] netfilter: nf_nat_snmp_basic: replace ctinfo with dir.

From: Taehee Yoo The snmp_translate() receives ctinfo data to get dir value only. because of caller already has dir value, we just replace ctinfo with dir. Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso ---

[PATCH 19/32] netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460

From: Subash Abhinov Kasiviswanathan ipv6_defrag pulls network headers before fragment header. In case of an error, the netfilter layer is currently dropping these packets. This results in failure of some IPv6 standards tests which passed on older kernels due to the

[PATCH 21/32] netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef

From: Arnd Bergmann We cannot access the skb->_nfct field when CONFIG_NF_CONNTRACK is disabled: net/ipv4/netfilter/nf_defrag_ipv4.c: In function 'ipv4_conntrack_defrag': net/ipv4/netfilter/nf_defrag_ipv4.c:83:9: error: 'struct sk_buff' has no member named '_nfct'

[PATCH 22/32] netfilter: nf_nat_snmp_basic: remove useless comment

From: Taehee Yoo Remove comments that do not let us know important information. Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso --- net/ipv4/netfilter/nf_nat_snmp_basic.c | 30 -- 1 file

[PATCH 01/32] netfilter: nf_tables: remove nhooks field from struct nft_af_info

We already validate the hook through bitmask, so this check is superfluous. When removing this, this patch is also fixing a bug in the new flowtable codebase, since ctx->afi points to the table family instead of the netdev family which is where the flowtable is really hooked in. Signed-off-by:

[PATCH 25/32] netfilter: nf_nat_snmp_basic: use nf_ct_helper_log

From: Taehee Yoo Use nf_ct_helper_log to write log message. Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso --- net/ipv4/netfilter/nf_nat_snmp_basic.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-)

[PATCH 20/32] netfilter: nf_defrag: mark xt_table structures 'const' again

From: Arnd Bergmann As a side-effect of adding the module option, we now get a section mismatch warning: WARNING: net/ipv4/netfilter/iptable_raw.o(.data+0x1c): Section mismatch in reference from the variable packet_raw to the function .init.text:iptable_raw_table_init() The

Re: [PATCH net v2 2/3] ibmvnic: Revert to previous mtu when unsupported value requested

On 01/18/2018 04:27 PM, John Allen wrote: > If we request an unsupported mtu value, the vnic server will suggest a > different value. Currently we take the suggested value without question > and login with that value. However, the behavior doesn't seem completely > sane as attempting to change

  1   2   3   >